Configuring Azure Traffic Manager

In this blog posting I am going to take you through the configuration of Microsoft Azure Traffic Manager which allows you to load balance incoming traffic across multiple hosted Microsoft Azure services/VMs. In this scenario we have a fully functional Microsoft MIM installation configured in the Microsoft Cloud where all resources were created using Azure Resource Manager. We have two VMs running the MIM Service/Portal and we will load balance traffic to those servers with Traffic Manager. To accomplish this, we need to do the following:

Configure a DNS name on the Public IP for each FIM Service Node

  1. Log on to the Microsoft Azure Portal.
  2. From the Azure Portal, search All Resources for the Public IP address of the first FIM Service server. In our case we had named the public IP the same as the Virtual Machine name.
  3. Select the Public IP address and click Configuration.
  4. Configure the following:

Assignment: You may leave the Assignment as Dynamic as it will not matter if the IP address changes.
Idle timeout (minutes): Four minutes (default) is sufficient, but you may change it if desired.
DNS name label (optional): This is not optional when you are configuring the IP to be used with Traffic Manager. You can use whatever name you would like; however, we recommend that you make it the same name as the server, which should be the same name as the public IP address, so that it’s easier to associate them all.

Screenshot: Configure DNS Name on Public IP

Configure Traffic Manager Profile

  1. From the top left of the Azure Portal home screen, select New.
  2. In the Search field, enter “Traffic Manager” and hit Enter.
  3. From the results, select Traffic Manager profile.
  4. At the Create Traffic Manager screen, enter the following:

Name: This is how users will access the MIM Portal from the internet
Routing method: Priority
Subscription: Select your subscription
Resource Group: Select your Resource Group
Location: Select the Location where you have configured your MIM infrastructure

Screenshot: Traffic Manager Profile

  1. In the Settings section, select Configuration and set as follows:

Routing method: Priority
DNS time to live (TTL): 30 (This is the shortest allowable time)
Protocol: HTTP
Port: 5725
Path: /

Screenshot: Traffic Manager Profile cont.

  1. In the Settings section, select Endpoints –> Add

Type: Azure endpoint
Name: You can use whatever name you would like; however, we recommend that you make it the same name as the server, which should be the same name as the public IP address, and so on. As before, it makes it easier to associate them all.
Target resource type: Public IP address
Target resource: Select the Public IP address configured earlier.
Priority: Enter “1” for the first node

Screenshot: Endpoint Configuration

Repeat the steps above to add the second Endpoint. Be sure to use the corresponding IP address and use “2” as the Priority for the second node.

Configure Firewall

In Azure Resource Manager, Microsoft uses Network Security Groups to let you control access to your VMs. These groups contain a set of security rules based on port, protocol and IP. When you configure a new VM using Azure Resource Manager with default settings, it will create a new Network security group which is associated only with that VM's network interface. However, Network security groups can be associated with multiple network interfaces. So, you will need to find the Network security group that has been configured for each of your VMs' network interfaces and configure it to allow port 5725. This is so that the Traffic Manager health checker will be able to access your VMs.

  1. From the Microsoft Azure portal, select All resources. In the search field, do a search for the name of the network security group that is associated with your VM.
  2. From the Settings section, select Inbound security rules
  3. From Inbound security rules, select Add and enter the following:

Name: MIM Service
Priority: <default>
Source: Any
Protocol: TCP
Source port range: *
Destination port range: 5725
Action: Allow

Note: You will also need a rule that will allow access to your MIM Service VMs via port for MIM Portal access.

Screenshot: Firewall Rules
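
The profile, endpoint and firewall steps above can also be scripted with the Az PowerShell modules. This is an added example, not part of the original post: the resource names and the rule priority 200 are placeholders, and it narrows the rule's Source from Any to the AzureTrafficManager service tag, which assumes that only the Traffic Manager health probes need to reach port 5725 from outside.

```powershell
# Added example, not from the original post. Assumes the Az modules are
# installed and the session is signed in (Connect-AzAccount).
$rg       = 'mim-rg'                        # placeholder resource group
$tmName   = 'mim-portal-tm'                 # placeholder profile name / DNS prefix
$nodes    = 'mimsvc01', 'mimsvc02'          # placeholder public IP names, in priority order
$nsgNames = 'mimsvc01-nsg', 'mimsvc02-nsg'  # placeholder NSG names

# Profile settings from the post: Priority routing, TTL 30, HTTP probe on 5725 at "/".
New-AzTrafficManagerProfile -Name $tmName -ResourceGroupName $rg `
    -TrafficRoutingMethod Priority -RelativeDnsName $tmName -Ttl 30 `
    -MonitorProtocol HTTP -MonitorPort 5725 -MonitorPath '/' | Out-Null

# One Azure endpoint per node; the first node gets priority 1, the second 2.
$priority = 1
foreach ($name in $nodes) {
    $pip = Get-AzPublicIpAddress -Name $name -ResourceGroupName $rg
    # A DNS name label is required before the IP can be a Traffic Manager target.
    if (-not $pip.DnsSettings.Fqdn) {
        throw "Public IP '$name' has no DNS name label configured."
    }
    New-AzTrafficManagerEndpoint -Name $name -ProfileName $tmName `
        -ResourceGroupName $rg -Type AzureEndpoints -TargetResourceId $pip.Id `
        -EndpointStatus Enabled -Priority $priority | Out-Null
    $priority++
}

# Inbound rule for the health probe. The source is the AzureTrafficManager
# service tag instead of Any (assumption: nothing else external needs 5725).
foreach ($nsgName in $nsgNames) {
    Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rg |
        Add-AzNetworkSecurityRuleConfig -Name 'MIM-Service-TM-Probe' `
            -Access Allow -Direction Inbound -Protocol Tcp -Priority 200 `
            -SourceAddressPrefix 'AzureTrafficManager' -SourcePortRange '*' `
            -DestinationAddressPrefix '*' -DestinationPortRange '5725' |
        Set-AzNetworkSecurityGroup | Out-Null
}

# Show the monitor status of each endpoint once the probes have run.
(Get-AzTrafficManagerProfile -Name $tmName -ResourceGroupName $rg).Endpoints |
    Select-Object Name, Priority, EndpointMonitorStatus
```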

Test

If everything is set up correctly, when you look at the Endpoints in the Traffic Manager profile, the Monitor Status will be “Online”.

Screenshot: Online Endpoints

If you disable the MIM Service on one of the two nodes, the Monitor Status will change to Degraded for that Endpoint.

Screenshot: Degraded Endpoint

However, browsing the MIM Portal will be uninterrupted if you are using the Traffic Manager address which you configured earlier and can be found in the Settings of the Traffic Manager profile:

Screenshot: Traffic Manager Profile
Screenshot: Portal Being Accessed Through Traffic Manager

About Matthew Brooks

Over 15 years experience in the IdAM field.

2 thoughts on “Configuring Azure Traffic Manager”

    • Hi, The monitor status will automatically change to “online” when the traffic manager recognizes that the service is available.
